Accessing a Nomad client cluster through a domain

By | August 23, 2022
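Accessing a Nomad client cluster through a domain

Using the AWS Elastic Load Balancing service,
you can reach the Nomad client cluster
through the domain name assigned to the load balancer.

Access using the ELB domain

  • Create a Job for the health check.

    Reference

  • Browser -> AWS ELB -> Nomad client cluster

Add the files below to the folder where you created the Nomad client cluster.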

vi elb.tf
-----------------------------
resource "aws_elb" "nomad_client_elb" {
  name               = "${var.stack_name}-nomad-client-elb"
  availability_zones = var.availability_zones
  internal           = false
  idle_timeout       = 360
  security_groups    = [ aws_security_group.client_lb.id ]
  instances          = aws_instance.nomad_client.*.id

  lifecycle { create_before_destroy = true }

  listener {
    instance_port      = 2390              # internal port
    instance_protocol  = "http"
    lb_port            = 2020              # external port
    lb_protocol        = "http"
  }

#  access_logs {
#    bucket  = "weblog"
#    prefix  = "www.myexample.com-"
#    enabled = true
#  }

  health_check {
    healthy_threshold   = 8
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:2390/"
    interval            = 30
  }
}
-----------------------------
vi outputs.tf
-----------------------------
output "elb_dns_name" {
    value = aws_elb.nomad_client_elb.dns_name
}
-----------------------------
vi sg.tf
-----------------------------
  # health check
  ingress {
    from_port   = 2390
    to_port     = 2390
    protocol    = "tcp"
    cidr_blocks = var.allowlist_ip
  }
-----------------------------

The ELB needs about 1-2 minutes before it starts working.

If the error message DNS_PROBE_FINISHED_NXDOMAIN appears,
the DNS configuration has not propagated yet.

Both the server port you are connecting to and the health check port must allow public access.

Open http://my-nomad-client-elb-19628203.ap-northeast-2.elb.amazonaws.com:2020 in a browser to reach hello_world.

Checking the logs

The IP address of the connecting client is provided in http_x_forwarded_for.

ssh <nomad-client-server>
sudo docker ps
sudo docker logs <CONTAINER ID>

172.31.25.58 - - [25/Aug/2022:07:53:26 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:29 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:29 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:37 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"

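Access using your own domain

  • Add the settings below after the ELB setup is complete.

  • The domain must be managed by Route 53.

  • Browser -> own domain (Route 53) -> AWS ELB -> Nomad client cluster

  • Creating the HTTPS certificate: create the certificate by following the guide here.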

vi domain.tf
-----------------------------
data "aws_route53_zone" "skyer9_pe_kr_zone" {
  name = "skyer9.pe.kr"
}

resource "aws_route53_record" "nomad_client" {
  zone_id = data.aws_route53_zone.skyer9_pe_kr_zone.zone_id
  name    = "nomad-client.skyer9.pe.kr"
  type    = "A"

  alias {
    name                   = aws_elb.nomad_client_elb.dns_name
    zone_id                = aws_elb.nomad_client_elb.zone_id
    evaluate_target_health = true
  }
}
-----------------------------
vi acm.tf
-----------------------------
data "aws_acm_certificate" "cert_nomad_client_skyer9_pe_kr" {
  domain = "nomad-client.skyer9.pe.kr"
}
-----------------------------
vi elb.tf
-----------------------------
resource "aws_elb" "nomad_client_elb" {
  # ......
  listener {
    instance_port      = 2390              # internal port
    instance_protocol  = "http"
    lb_port            = 2020              # external port
    lb_protocol        = "https"
    ssl_certificate_id = data.aws_acm_certificate.cert_nomad_client_skyer9_pe_kr.arn
  }
  # ......
}
-----------------------------

Checking the logs

The IP address of the connecting client is provided in http_x_forwarded_for.

ssh <nomad-client-server>
sudo docker ps
sudo docker logs <CONTAINER ID>

172.31.25.58 - - [25/Aug/2022:07:38:07 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:38:12 +0000] "GET / HTTP/1.1" 200 7231 "-" "ELB-HealthChecker/1.0" "172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:17 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:38:20 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:21 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:21 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "ELB-HealthChecker/1.0" "172.31.43.57"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:23 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:23 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:27 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
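
An added example (not part of the original post) for the two log listings above: the ELB appends the address it saw to whatever X-Forwarded-For header the client already sent, so the field can only be believed from the right. The sketch assumes every proxy you control sits in 172.31.0.0/16 and uses constructed log lines; `TRUSTED`, `trusted` and `attribute` are names made up here.

```python
import ipaddress
import re

# Assumption: only our own proxies (ELB nodes, in-VPC hops) sit in this range,
# taken from the 172.31.x.x addresses in the logs above. Narrow it in practice.
TRUSTED = [ipaddress.ip_network("172.31.0.0/16")]

# nginx "combined" format plus a trailing quoted $http_x_forwarded_for field.
LINE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def trusted(addr):
    try:
        return any(ipaddress.ip_address(addr) in net for net in TRUSTED)
    except ValueError:  # not an IP address at all: never trust it
        return False

def attribute(line):
    """Return (client, ignored): the address to attribute the request to and
    the header entries to its left, which the client itself could have sent."""
    m = LINE.match(line)
    if m is None:
        return None
    peer = m["peer"]
    hops = [h.strip() for h in m["xff"].split(",") if h.strip() not in ("", "-")]
    if not trusted(peer):
        return peer, hops  # did not arrive via our proxy: ignore the header
    # Walk right to left: each trusted proxy appended the address it saw.
    for i in range(len(hops) - 1, -1, -1):
        if not trusted(hops[i]):
            return hops[i], hops[:i]
    return (hops[0] if hops else peer), []  # internal traffic, e.g. health checks

# Constructed sample lines in the page's log format (documentation IP ranges).
PREFIX = '172.31.25.58 - - [25/Aug/2022:07:38:20 +0000] "GET / HTTP/1.1" 200 7231 "-" '
SAMPLE = [
    PREFIX + '"Mozilla/5.0" "203.0.113.7, 172.31.26.97"',
    PREFIX + '"Mozilla/5.0" "10.0.0.1, 198.51.100.23, 172.31.26.97"',  # forged first entry
    PREFIX + '"ELB-HealthChecker/1.0" "172.31.43.57"',
    PREFIX + '"Consul Health Check" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(attribute(entry))
```

A non-empty second element marks a request whose header carried entries the client supplied itself; log or alert on those rather than using them for allowlisting or rate limiting.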
